This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have a customer who is trying to establish a TLS connection to my server. They have loaded my certificates and the certificate exchange appears to be working properly. However, their client does not send data after the server has ACKed the clients Encrypted Handshake Message.

Link to pcap added. link text alt text

Anyone have any ideas why the client wouldn't be sending application data?

asked 13 Sep '16, 11:35

RFB's gravatar image

RFB
5113
accept rate: 0%

edited 14 Sep '16, 09:55

For better help you should include a packet capture file, not just a screenshot.

(13 Sep '16, 15:27) Lekensteyn

Added link to pcap in original post.

(14 Sep '16, 14:30) RFB

The pcap strengthens my analysis below, SSLv2 was killed long time ago. Your client should not send a SSLv2-compatible hello message. Btw, the Certificate message contains the hostname of your server which is not anonimized.

(16 Sep '16, 01:34) Lekensteyn

If you look at the source address of the TCP RST, you will notice that it matches the IP address of the server (based on the source of the Server Hello).

There are multiple strange things about your report:

  • SSLv2 is reported in the Client Hello.
  • Encrypted Handshake Message is reported by the client after the ChangeCipherSpec. I would expect a Finish message here.
  • The server did not have the chance to send a ServerHelloDone after the Certificate (see RFC 5246 for the expected flow for a full handshake).

Check:

  • Are you using the latest Wireshark version? Currently 2.0.6 or 2.2.0 are considered recent.
  • Check the access/error logs of your webserver.
  • Check for possible compatibility issues of your client. (Why is it using SSLv2 for example?)
permanent link

answered 13 Sep '16, 15:26

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×75
×44

question asked: 13 Sep '16, 11:35

question was seen: 3,112 times

last updated: 16 Sep '16, 01:34

p​o​w​e​r​e​d by O​S​Q​A